This invention relates generally to a private system to store and retrieve all types of information with the use of biometrics for authentication and encryption techniques for security.
In this age of the information highway, virtually all personal and financial information is stored within computer systems. Yet this information tends to be scattered among different organizations, such as Federal and local governments, banks, merchants, and educational facilities. For this reason, access to all stored information from one source is virtually impossible, or, at the very least impracticable. Furthermore, in certain cases access to information requested by its provider, or owner, is restricted.
In today's information age, users are required to provide personal information freely, however, their access to that information may be strictly prohibited. Merchants normally require financial information to complete transactions, yet they are unlikely to divulge any credit data regarding that individual. Governmental agencies usually maintain a detailed profile database on all individuals, but some, or all, of this information is not accessible to the respective individuals. However, when governmental agencies do allow people to access their information, these venues can be described as inconvenient, limited in accessible hours, entailing waiting on long lines, and inadequate service. These facilities may include: county courthouses, departments of motor vehicles, departments of welfare services, departments of housing, departments of immigration and naturalization services, and the various other government agencies. A major reason the government will not allow computer access to personal information is due to security and identity verification issues. The infeasibility of a secure solution has made convenient access impracticable.
There is not one entity currently available to house all personal information for convenient retrieval. Personal information may include, but is not limited to: leases, deeds, passports, birth certificates, wills, trusts, driver's licenses, bank account information, credit information, commercial transaction information, educational information, and citizenship information.
Even if a secure system were available, security issues would make people hesitant to supply their personal information electronically. Hackers may attempt to compromise computer systems to conduct vandalism, espionage, and theft. It is possible for hackers to gain successful, unauthorized access to computer systems.
Even for systems with nearly absolute security, by allowing access only to authorized individuals, there is still the danger of fraud through the impersonation of an authorized user. For example, bad checks are abundant within the stream of commerce. Individuals may steal checks and forge signatures.
Other computer systems designs do not reflect the issue of security as a primary concern. Some systems utilize passwords in the form of alphanumeric characters, which can be easily guessed using algorithms capable of generating random combinations of numbers and letters. This type of security is further susceptible to user negligence, e.g., forgotten, lost, stolen, or intercepted passwords.
Other approaches have focused on providing secure identification and verification. U.S. Pat. No. 5,790,668 discloses a system and method to provide secure handling of data through means of a personal identifier database. Similarly, U.S. Pat. No. 5,930,804 discloses Web-based security measures and methods to implement such measures and Web-based authentication systems and methods. Similarly, U.S. Pat. No. 5,870,723 discloses a method and system to provide a biometric transaction authorization with the use of a PIN number. Similarly, U.S. Pat. No. 5,995,630 discloses a method to facilitate secure and authorized access to a computer.
While these approaches provide a method to avoid the problems associated with unauthorized access with user identification, they have disadvantages. These approaches focus on a gateway comprising security and user verification. First, these approaches do not offer a secure, authenticated centralized repository system. The database element in these approaches is limited to storing information pertinent to a particular business, or security purpose. For example, the databases in these inventions house only biometric information, personal identifiers, limited financial information, or encryption keys. Accordingly, these approaches do not offer an imnplementable system that serves as a secure repository in which to store any and all types of data.
These approaches also have a security deficiency, as they require a personal PIN number or personal identifier. These methods seriously compromise the security of the system as a whole. PIN numbers can be forgotten, lost, misplaced, and obtained through disreputable algorithmic approaches or other schemes.
Furthermore, systems that require personal identifiers commonly associate the person's Social Security Number with their identity. These approaches inherently lack the ability to provide anonymity to the users. Information is inexplicably tied to a particular person. Individuals are uniquely identified with ease through a Social Security Number. Moreover, Social Security Numbers are easily accessible and widely utilized. It is common practice for governmental institutions, financial institutions, educational institutions, and medical institutions and to use Social Security Numbers as personal identifiers. Most of these institutions utilize and display Social Security Numbers with disregard for privacy or security. Thus, the identity of the data owner can be easily obtained through his Social Security Number.
However, none of these verification systems offer a general, centralized database to store any, and all, types of data and information. Accordingly, there is a need for a system where any type of information may be stored securely and retrieved with anonymity, ease and convenience. Further, there is a need for a single, comprehensive, information storage system having reliability, privacy, authenticity, and accessibility.
By way of further background, U.S. Pat. No. 6,032,137 and U.S. Pat. No. 5,910,988 commonly assigned herewith and incorporated herein by this reference, describe data repository systems and methods, for example as applied to commercial payments and transactions.